Human-Centered Security

Security That Fits

Translucent Security

Human-centered security is distinct from other human-centered design challenges because of the stochastic nature and the potential harm that are components of security. We implement human-centered security as translucent security, which has the following design goals.

Translucent security is not simply usable security. It is not default security. It is cooperative security based on risk communication, with computers and humans as partners. People understand their context; security engineers understand the risk. Security communication is risk communication, and risk communication is best when it is context dependent, designed for the task and the risk. The entire security decision is grounded in a single interaction or narrative that makes the risk clear.

Why is usable security more than usability, and sometimes not aligned with traditional usability? In part, because individuals rarely want to perform security per se. Security is not the desired goal of the individual. In fact, security is usually orthogonal and often in opposition to the actual goal.

Additionally, since individuals must trust their machines to implement their desired tasks, risk communication itself may undermine the value of the networked interaction. For the individual, discrete technical problems are all understood under the rubric of online security (e.g., privacy, malware).

The stochastic nature of security (and of risks in general) makes common usability approaches inapplicable. Making clear the connection between action and consequence is particularly difficult in security and privacy. Risk is inherently probabilistic. There may be no consequence. Consequence is very likely to be delayed. Consequence may prove catastrophic. And if the consequences could be determined, the action-risk-consequence information may be overwhelming.

Finally, security information is about risk and threats. Such communication is most often unwelcome. Increasing unwelcome interaction is not a goal of usable design.